“The information accessed does not include resumes,” continues the statement from Mary Volz-Peacock, USAJOBS program director. “The accessed information does not include sensitive data such as social security numbers or personal financial data.”

But the government warns that the stolen data could be used in phishing schemes. This is a type of electronic fraud in which crooks use e-mail messages, pretending to come from legitimate organizations -- potentially the U.S. government in this case -- to secure sensitive information from those whose e-mail addresses were stolen.

People with USAJOBS passwords may soon be required to change them, according to the announcement.

“USAJOBS will never send an unsolicited e-mail asking you to confirm your username and password,” says the alert, “nor will Monster ask you to download any software, ‘tool’ or ‘access agreement’ in order to use your USAJOBS account.”

The hacking of USAJOBS was part of a larger intrusion into Monster.com. A "security breach official alert" on that site says "we recently learned our database was illegally accessed and certain contact and account data were taken."

A mandatory change of e-mail passwords for company clients goes into effect today, according to Nikki Richardson, Monster's vice president of corporate communications. The company is "monitoring any illicit use of information and so far we have not detected the misuse of this information," she said in a telephone interview.

In addition to changing passwords, Richardson recommended that Monster users be vigilant for suspicious e-mails and review the Monster security page, which can be found at monster.com. More information also is available at usajobs.gov.

You know what? I had NO IDEA this had happened!! They have a small little alert thing on their site and that is it. This is the SECOND time USAJOBS has been hacked!!! Why will people apply for federal jobs when our info is not safe!!
THIS IS THE SECOND TIME and USA JOBS did not notify ANYONE!!!!!!!
What if I had not checked the USAJOBS site-- I would have NEVER KNOWN!!

Everyday the worthless employees and leadership of government want more and more information about our lives. Everyday they push for more computer usage and shared computer information. Even now the clowns want everything known about us on medical computers....But the north end of south bound mules aren't smart enough to secure it or chase down criminals accessing the information. Our government is simply a mess. The only difference between modern United States government and the Cub Scouts is that the Cub Scouts have adult leadership.

By Freeman Klopott
Examiner Staff Writer 1/29/09
A fired Fannie Mae contract employee allegedly placed a virus in the mortgage giant’s software that could have shut the company down for at least a week and caused millions of dollars in damage, prosecutors say.

Rajendrasinh Makwana, an Indian citizen, was indicted Tuesday on computer intrusion charges. The former Gaithersburg resident is out on $100,000 bail, court documents said.

Makwana was fired from his contract position at Fannie Mae on Oct. 24 for changing computer settings without permission from his supervisor, FBI agent Jessica Nye wrote in a sworn statement. He had worked at Fannie Mae for three years as a computer engineer at the Urbana offices, where he had full access to all of the federally created mortgage company’s 4,000 servers. Before leaving work Oct. 24, Makwana allegedly tried to hide a code in server software that was set to activate the morning of Jan. 31, the agent wrote.

“Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week,” Nye wrote. “The total damage would include cleaning out and restoring all 4,000 of [Fannie Mae’s] servers, restoring and securing the automation of mortgages, and restoring all data that was erased.”

[ ... ]

We _know_ who this hacker was in this case; a foreign national allowed superuser access to 4000 servers storing and processing some of the most important financial data.

Mr Makwana was working for "OmniTech" which is Omnitech International. If you google that in the context of "H-1B" and "visa abuse" you will get lots and lots of hits.

So, the government letting foreigners run our information systems. I wonder why none of those foreigners noticed that a lot of other foreigners had gotten "liar loans" that they used to secure option-ARM (adjustable rate) mortgages that they relentlessly "flipped" every six months, fraudulently forcing upwards the valuations of homes.

The government needs to start hiring American (including Canadian) computer people instead of offshoring or importing people who are worked like slaves for about 3/4ths of industry scale for Americans; and who leave behind them incomprehensible skeins of "spaghetti code" that nobody else can decipher, not because the code's that good or profound, but because it's just jumping around for the sake of jumping around. And then they leave comment lines in Urdu or Hindi that nobody but their countrymen can understand.

It's time to lock down our systems, folks. It's not like there's a shortage of unemployed or underemployed US information technology workers.

The reason why code development is offshored is because it is cheaper to use Indian and Pakistani labor than US or Canadian labor. Someone measured KSLOC (thousand lines of code) and looked at the cost of KSLOC done in India vs Redmond, Washington. No need for new facilities or improvement to current facilities, thus no new employees needed.

Microsoft thought that this would solve the mass of code necessary for the development of a new O/S (operating system) or applications. The model was to take the rough code and slim and refine it down with state-side programmers. This would reduce development costs and deploy a product.

Where American corporations screw up is that they try to have customer service run out of India or Pakistan. The problem in chief is communication. Regrettably, the accents are so strong, you're lucky if you can make out 7 out of 10 words.

Now that India has become a software powerhouse and the H1B visa program (which is a joke for the most part), India's rates have gone through the roof, hopefully jobs will return to our shores.

Oh, please. Reports say they used Monster.com's platform. Monster consists of ASP code running on Microsoft Windows Server, probably with a Microsoft SQLServer database backend. When Monster was hacked in 2007, it was via a Trojan being installed - not an exploit of the Monster site code. Probably the same this time - exploits of the underlying server or database code. And that's coded in Redmond.

This is the second time that this company has allowed this to happen. OPM quit spending millions of dollars for this service and start using your federal government Information Technology workforce, between DOI, DOD, there are numerous fee for service government agencies that can do this better than this contractor.

Expect to see more attacks on web sites that have anything to do with employment, especially as the Depression deepens. Remember that these are the same parasites that were registering domains like "katrinarelief.com" as that Hurricane was approaching New Orleans.

Note, however, that on the USAJobs website, there is not an in-your-face or top of the page notification, but rather there is a small item, along with other links, in small letters, on the left side, that reads:
Special Security Alert
Please read this notice

While the notice is explanatory, the notification, the alert notice, isn't enough to get anyone's attention, and can easily be considered one of many other type notices that suggest keep your password to yourself, don't reveal..., etc. It is not, NOT, indicative of a warning that the site and information on the site has been hacked.

Ah, you know, especially in the DC area, all sorts of foreigners are all throughout the information systems.

It's not as if there is a shortage of American/Canadian talent. I keep mentioning the Canadians because they are part of the same economy, we sneeze, they get pneumonia. But I digress.

Look, I worked for a company that had a fair amount of foreign talent but we also had lots of local (as in Beltsville/Laurel etc) engineers and coders. When you have system administrators with access levels global to your company, you don't necessarily want the least expensive talent or the most expensive talent. You don't even necessarily want the best talent. What you want is equanimity and loyalty, and professionalism above all. In the modern day, there is nothing more dangerous than a Disaffected Sysadmin, unless it's a group or network of Disaffected Sysadmins. Throw into the mix just a few nationalistic concerns and a little propaganda from their homeland's intelligence operations services, or even from their homeland's enemies' intelligence operations services, and it's a recipe for disaster.

Really, there seems to be a picture emerging of really significant lack of security concepts. Given some of the things that happened during the Bush-II administration in terms of failures of Homeland Security and border/immigration issues, sensible people should be running around screaming "the sky is falling ow it just hit me" but they're not. I think it's pretty clear that most politicians are incapable of listening and they've mostly appointed officials specifically to be ignorant of issues, deaf to warnings, and incompetent to act even if they heard and learned.

I predict very bad things in the very near future, if we don't start locking potentially hostile foreigners out of our systems and start going through every last line of code from the BIOS in our Lenovo Group laptops to the remote control for your cable-TV set-top boxes.

Another example of incompetent holdovers from the Bush administration. The White House computer system was stuck in the 1980s and there is no reason to use a private contractor to do this job. The right wing is still living in the stone age.

1) The FBI needs to pick this guy up immediately and hold him as an imminent threat and a flight risk.
2) The Bank of America needs to review every machine and piece of software this guy has touched since October.
3) If this person is on an H1-B visa - why has he been in the US (apparently) more than the allowed six years?
4) If an H1-B - why didn't BoA discover he was "on bail" when they checked with the visa clearing agency?

See www.D50.org for threat information I posted years ago on this very topic!

USAJOBS resumes are by hackers suddenly all replaced by pointers to INDIA SPIES and SABOTEURS. All phone numbers will after the hack be replaced by recruiter numbers to OMNITECH INTERNATIONAL or TATA INDUSTRIES, largest H-1B "brokers" and "recruiters".

Of course it's not possible. Ooops, this story reports that it is possible. Easily done, even.

Sadler: I posted _two_ links. You followed the one that's only tangentially related.

Having looked over the DoJ document, it looks almost as if Makwana could have just downloaded some fairly generic scripts from any number of Script Kiddie sites and modified them to his ends. That would not take very long. However, a certain amount of malice-aforethought is clearly present; however long it took to write these scripts, a fair amount of planning had to go into it. Nobody could accept for a moment that this was a crime of passion, but rather it was one of a studied attack coming out of cold blood.

And as to his relatives not coming to the US from India, well, if he had pulled this off, he would be about as popular as a Taliban warlord on September 15 2001 and so probably would be any other person from India looking for work in IT on the H-1B Visa.

arrabbiato wrote:
"No, MORE INFORMATION IS NOT AVAILABLE AT USAJOBS! THERE IS NOTHING INDICATING THAT EMAIL ADDRESSES AND PASSWORDS HAVE BEEN HACKED!"

Yes, there is information on the USAJobs website. However, it was not an in-your-face or top of the page notification, but rather it was a small item, along with other links, in small letters, on the left side, that reads:
Special Security Alert
Please read this notice

While the notice is explanatory, the notification, the alert notice, isn't enough to get anyone's attention, and can easily be considered one of many other type notices that suggest keep your password to yourself, don't reveal..., etc. The link is not indicative of a warning that the site and information on the site has been hacked.

MattNYC1 wrote:
"Do the feds actually hire from the USAJobs website? Is it a complete listing of available positions?...Why not allow people to apply by email, using a resume and cover letter, then request more information if/when they want to interview the applicant?"

Yes, the Federal Government actually hires from the USAJobs website. And the reason they no longer want a variety of e-mails and cover letters with applications is because they've found that it's easier and quicker if there's a common system. While the old SF 171 forms were detailed and convoluted, they too were better than numerous people writing their application requests in numerous formats, making it necessary to spend an inordinate amount of time trying to determine what the individual was writing.

Is it the best system? Probably not, but can you come up with a better one, other than saying let people do it their own way?

gunnysgt77 wrote:
"Everyday the worthless employees and leadership of government want more and more information about our lives. Everyday they push for more computer usage and shared computer information. Even now the clowns want..."

Part of the problem is that everyone wants something from the government, and, like it or not, the only way to keep track of information in order to quickly access it, is by computer.

As for the "worthless employees" of government, I assume that gunnysgt77's anonymous screen name refers to his/her having been a U.S. Marine, a government employee; should I consider all Gunny Sergeants worthless? Sorry, but calling all government employees worthless is asinine and stupid. It seems that the only non-worthless government employees are those that provide something specific to someone specific (such as gunnysgt77), and everyone else is worthless; the problem is that each citizen wants and expects something different, and that's part of what government employees are all about. Even so, I'm not sure how a private company's being hacked makes all government employees and leaders worthless.